Encrypt data using a cipher. The list of ciphers available are in the output of cipherNames function.



encrypt source using <cipher> with [password|key] passorkey [and salt saltvalue] [and IV IVvalue] [at bitvalue bit]


On failure encrypt/decrypt set the result to the appropriate ssl error message.

On success the variable it will contain the encrypted or decrypted data.


encrypt "example" using "aes192" with key "zSJmf1pHKa42+mdZfGEM+A=="
put it

The encrypt and Decrypt commands accept the source data that will be encrypted or decrypted. The cipher is the name of the cipher obtained using the ciphernames function. The passorkey specifies the password or key that will be use for encryption or decryption as determined by the keyword before it. If you specify key then the key needs to be the same size (in bits, eight per byte) as the specified cipher key length. The key may optionally be accompanied by the IV value used by some ciphers. If you specify password or don't specify a key mode, then a password, tyically text, will be used. The password may optionally be accompanied by a salt value. The bitvalue specifies the key length in bits (for example, 64, 128, 192 or 256) and may be zero or empty for the default length (that listed with the cipherNames function). Some ciphers have fixed key lengths and using an unsupported value will result in an error.

The key and IV value are the fundamental determiner in block ciphers. The IV value is typically the width (in bits) of the block associated with the cipher. The default value is zero. Its use is beyond the scope of this documentation.

The password and salt value are combined and scrambled to form the key and IV which are used as described above. mThe key derivation process is the same as that used in the openSSL utility. A 16-byte salt prefix is prepended to the encrypted data, based on the salt value. This is used in decryption. If no salt value is specified for a password, one is randomly generated. The use of a randomized salt value is a protection against dictionary attacks.

Some modes of block ciphers will pad data to be a multiple of block size. The padding method is that used by the openSSL utility and is a minimum of one byte.

To use OpenSSL functionality with LiveCode, make sure that the openssl shared library is installed, and in a place where LiveCode can find it. It is pre-installed with OSX. You can download and build OpenSSL at and distribute with your apps. LiveCode includes a prebuilt openssl dll which is required to use OpenSSL for windows (libeay32.dll) which needs to be in the application, current, or system directory. If LiveCode cannot load SSL, it will return the error in the result "ssl library not found".

Example with PHPEdit

You can use livecode in conjustion with PHP, the livecode script can be:

function EncryptIt pTokenText
  local tHex, tKeyHex   
  put "1234567891234567" into tKeyHex
  put "9876543219876543" into tIVHex
  encrypt pTokenText using "aes-128-cbc" with key tKeyHex and IV tIVHex at 128 bit
  put it into tTokenValue
  if the result is Empty then
     return base64Encode( tTokenValue )
     return "Error:" && the result
  end if
end EncryptIt

function DecryptIt pTokenText
  local tHex, tKeyHex   
  put base64decode(pTokenText) into pTokenText   
  put "1234567891234567" into tKeyHex
  put "9876543219876543" into tIVHex
  decrypt pTokenText using "aes-128-cbc" with key tKeyHex and IV tIVHex at 128 bit
  put it into tTokenValue
  if the result is Empty then
     return tTokenValue
     return "Error:" && the result
  end if   
end DecryptIt

the PHP script can be:

 $string="LiveCode Rocks!";
 $encrypted= EncryptIt($string,$key,$iv);
 echo $encrypted."<br>";
 $decrypted= DecryptIt($encrypted,$key,$iv);
 echo $decrypted;
 function EncryptIt($string, $key, $iv){
        // This fixes the padding issue so you can decrypt the encrypted string in LiveCode.
        $blockSize = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
        $padding   = $blockSize - (strlen($string) % $blockSize);
        $string   .= str_repeat(chr($padding), $padding);
        // Hooray!
        $string = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $string, MCRYPT_MODE_CBC, $iv);
        $string = base64_encode($string);
        return $string;
 function DecryptIt($string, $key, $iv){
        $string = base64_decode($string);
        $string = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $string, MCRYPT_MODE_CBC, $iv);
    return $string;

See alsoEdit

See Also: cipherNames Function, decrypt Command, sslcertificates Property, decrypt using rsa Command, encrypt using rsa Command

Community content is available under CC-BY-SA unless otherwise noted.